hxxps://oxy[.]st/d/EZGh

Analysis

max time kernel
1521s
max time network
1522s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.st/d/EZGh

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3300	firefox.exe
Token: SeDebugPrivilege	3300	firefox.exe
Token: SeDebugPrivilege	3300	firefox.exe
Token: SeDebugPrivilege	3300	firefox.exe
Token: SeDebugPrivilege	3300	firefox.exe
Token: SeDebugPrivilege	3300	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3300	firefox.exe
3300	firefox.exe
3300	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3300	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 1120 wrote to memory of 3300	1120	firefox.exe	83
PID 3300 wrote to memory of 4592	3300	firefox.exe	84
PID 3300 wrote to memory of 4592	3300	firefox.exe	84
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 3576	3300	firefox.exe	85
PID 3300 wrote to memory of 4688	3300	firefox.exe	86
PID 3300 wrote to memory of 4688	3300	firefox.exe	86
PID 3300 wrote to memory of 4688	3300	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://oxy.st/d/EZGh"
1⤵
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://oxy.st/d/EZGh
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.0.393443860\929295445" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87a81491-f2f6-475d-a4e6-1c184908d93d} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 1968 21651ef2358 gpu
    3⤵
    PID:4592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.1.509450519\1588208430" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4887fe64-1887-4338-a7bd-3dbba49ec458} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 2380 21651dfa258 socket
    3⤵
    PID:3576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.2.49723445\2028267570" -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 2944 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f39b1bc6-6cce-400d-8dba-4de3c5ffe886} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 3296 21655de2958 tab
    3⤵
    PID:4688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.3.1370206169\348008586" -childID 2 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f87efeb7-67e9-4c56-add2-ee4d3ef3bf13} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 4004 216571ac058 tab
    3⤵
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.4.733703795\1618480660" -childID 3 -isForBrowser -prefsHandle 4628 -prefMapHandle 4660 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf36e40-49e2-48b7-8b0a-400155a90a48} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 4592 21655fd4458 tab
    3⤵
    PID:1436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.5.513688316\2120822352" -childID 4 -isForBrowser -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb485076-99ac-432f-8ffe-10514d2b0421} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 4892 21658096158 tab
    3⤵
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.6.1393041625\2045606324" -childID 5 -isForBrowser -prefsHandle 5088 -prefMapHandle 5036 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3a10591-d8f3-46f6-b1fc-82ff5af7ada1} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 5080 21658096758 tab
    3⤵
    PID:2996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.7.373523324\168831197" -childID 6 -isForBrowser -prefsHandle 5620 -prefMapHandle 5800 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03a665d6-de21-4d86-ba01-5131486ddb0c} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 5824 21659ad5c58 tab
    3⤵
    PID:3876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.8.1588473264\1422771634" -childID 7 -isForBrowser -prefsHandle 6104 -prefMapHandle 6100 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {602062a4-dc8c-4d35-9f7d-15822439eccd} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 6108 21655d40e58 tab
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.9.2077255090\240221696" -childID 8 -isForBrowser -prefsHandle 10084 -prefMapHandle 10052 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da464d68-f8fb-4e76-b9f0-795b3732df73} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 10116 21645574058 tab
    3⤵
    PID:2140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.10.719266551\1043544180" -childID 9 -isForBrowser -prefsHandle 10124 -prefMapHandle 10012 -prefsLen 27072 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d678bda8-ab83-4b1e-8df2-a9ea5e6c55b7} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 3016 2165a08f258 tab
    3⤵
    PID:228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.12.400811706\504603383" -childID 11 -isForBrowser -prefsHandle 9476 -prefMapHandle 9480 -prefsLen 27072 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0fa0e4e-5410-4f4d-85b4-74b24a0447d4} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 9468 216597d5d58 tab
    3⤵
    PID:4524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.11.1685289317\1176340149" -childID 10 -isForBrowser -prefsHandle 3968 -prefMapHandle 4748 -prefsLen 27072 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9575e999-dea7-475a-b791-b638beaac212} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 9740 2165a08c258 tab
    3⤵
    PID:4080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.15.1862438168\1274133562" -childID 14 -isForBrowser -prefsHandle 9008 -prefMapHandle 9336 -prefsLen 27072 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b8e54ea-37ad-4677-b46c-5e3c3d55c8d8} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 9024 2165a3de858 tab
    3⤵
    PID:5252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.14.788626674\1615326692" -childID 13 -isForBrowser -prefsHandle 9240 -prefMapHandle 9236 -prefsLen 27072 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67853d9f-bcff-4a0a-a264-e84f23f14528} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 9248 2165ae45e58 tab
    3⤵
    PID:5244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3300.13.222560482\1336708304" -childID 12 -isForBrowser -prefsHandle 9328 -prefMapHandle 9324 -prefsLen 27072 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cfedde1-5adb-4d37-ad2f-444f324e0401} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" 9336 2165a08c858 tab
    3⤵
    PID:5236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\doomed\21028

Filesize
10KB

MD5
a9cde160ecc83ba9d7828859898a5107

SHA1
1c0d9a4eac75865ba36a312864b396cee1c6dc7b

SHA256
ebd8389d91d84b65e394892c3bdcf16153cbab36affc94491cf1cbdef613caf1

SHA512
83098c9151be396443dfa97bb54366e3f622b8be083de1f4b62511528af7ac1f9df2a4adce9a98e52d4ff24ca8fd8dc5719f3a8b922ca439c6b98aefcc6f3148

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\doomed\7040

Filesize
8KB

MD5
711ea9c0d2b1766e595ee07ab5738f8e

SHA1
6d66e2da25dea11d1c436cdabd8b90b7142ae0aa

SHA256
b7966e0c8677c8b36c2bb9b3eb9f09aa653eccab65d2cc204b62ecf529f8abec

SHA512
9a5ac25913bdb8300fa84e2d3755a61e3e43032ed9719e8c851ce25a6baf71efa4bf66843adfc3fadccd8ed93a969f1c8a39dff72965e64811f8f6cee5cdfa9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\13EFA2A0AEBD2083A85C899358878A2DC2AD7C54

Filesize
41KB

MD5
92d34bd12f0979387b1a42441c63c166

SHA1
c76fa7238c075b3164a7afe55826f424bd0fdfa6

SHA256
c76d85f2e41812f2ca50fc78cb201bca0bac5a101827b356e006da7f0724a814

SHA512
41cfb319201a0aaa9e4641acab393c7891351e540020dee1653e54fe80442ba9468a779e28d386fbcffd4cea64d22fd0a26db94c9f0c33072e680fea5e55fc13

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
271KB

MD5
e21b6a0b64efef5fa80d429bf8af310b

SHA1
66a643570651e4dcb95e8904f30abf68c7e7dd02

SHA256
25b1deab4fac03139496155743ad01dcf49f4c1bef0e365d5146b15ae6cb5a4d

SHA512
81cf7f38c37e1bd462e57e2dcdfab84b3076140c210f22a85d6ca83d9c4410702129ab5311c55bec4b83ddfb8705f39bdad3368517847f199fbd57cae256bb13

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
d1ad91dd9636b02a478d7eea78526405

SHA1
9b4d7f87ae98622691eb63f259b625fea7d6ed9d

SHA256
bbaf1a25a83365d2c5ffd6b3624f528a8126fe847a99a8ec110393fa1b5adfd0

SHA512
1a4f7166b105f1a6217b222eea8e7d97ea3be3e011b7a57b0fa5143ebfc61c653d858a1f303cc5afdaa40d3dcaa1ea10b31d96f9a79173ca0d1a7e338ab437ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\bookmarkbackups\bookmarks-2024-02-12_11_j+J83Kao--KLqP8jMtWQCw==.jsonlz4

Filesize
944B

MD5
c639412924fb2551a98b46fc4bdf3141

SHA1
1752b89039382e7b27649a23c80ba7b1dac2fee3

SHA256
8281cfc3ea7f91e7ed602d94ce53d6a34ad4ade3dea796bc44fa4f601cc18601

SHA512
c5956a6a71cc3f67d70ef759d1f453cc4f2994afe48b6815ead62335d2128e19e543bec3ef54e4eaa1ddd7be2369a2a7e7bcc36eda06110cebf8a0e3402e8ffa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b43df0c059a04c1031695c2d030c2af6

SHA1
79ac05a638a48413ae8e2707e2fe018d37ca4709

SHA256
ec89cc45415fa5c5ada3a077044dfd49fa598df75f2b1048d1296b5ed2a68314

SHA512
0ebe4e361a86212ef4e4eadb597cede937d49ae6f6f3fe56862d82f9e0ee4d2c850681f88256501239a51c6b2971793d35ea4bbc2bc646308030c2b5b5b57d0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\ad76de65-c4b2-42ae-a014-e2dab36d9e4a

Filesize
11KB

MD5
bfd0fd7d22e8ec919c7bd916c8f2683f

SHA1
b79ca5b802efa5edee34366b12877bdb38cf9b82

SHA256
5d10d95157faa8d88a860693dbf9ef7a61f9d47cb7f7652c1601c3f4e35f5f80

SHA512
9ad90c01e9c1388d16afec0e2c0ca9b9e8d1dcaf96fed0883a7fc863f8d16060ceaca910f7aab1f06321efa8313f9d34d3022448027f270ccc7fc40296fe8c36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\dd726332-e6d6-4337-b171-088268c49e92

Filesize
791B

MD5
6d5421f2f14f5c6c26e993bc63fc0960

SHA1
5c898cd3c29e17df87eea846a6cc19313016edde

SHA256
f37f2a6e62241c8a738f1772db48c94ef5650a36fe1e8840f5232baa3b472640

SHA512
ea7c04e9640e340f123b107bbb966619a26bfe5d6cf70a44ac4e527884a5d94228555de9e4e4ce8def200e8fe025389a480ae194a84875a427d78dcb62527ae9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
192KB

MD5
e10b7869c6ef32a46cad164f147b16a7

SHA1
9eedb0462c09eb5bb7605f167bccb701dbf46560

SHA256
0f62c8c807b57149f7cde82ca171de95eca10f58c2effbfb75a9a2eb26aef056

SHA512
1f917cd1163a11652ea6c566f81af2eac9606fab75d5e5a103a9346cacb6496f55ec5ff204b424679cdfb5ffc6a3780e3f851f6d491cf49433c156abab5c3df0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
7KB

MD5
5e705acd358eff10807df18221131644

SHA1
db00877048da75c55a5def11c608e7f25d49f9a4

SHA256
b6a195658851f343f16af942b31163eb14f8bd40ec48179e5e4793e50a05b35f

SHA512
6cec6b9e031b271377e734f82585c532a851becd766135f2048e9ba80e8d7238783c3a8acf014af3036043c8fb92378b1f08ef7141116e3a871da2e0739474ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
9b3e8012882a7b3c150da989ddeb269b

SHA1
3c0aeeaa425b3203a60f2ebd696862f1e1834e23

SHA256
e210c53a980ba43f0ff9d05a235d0a9d676acab4357c517aa6a1c450818f35df

SHA512
41f1fe4ec91d80664e2f00f7176b1db50c67483433262d865e3a7ac506b346f6abc4a118822ddb8dd51e8ad17a7619857057e7e28d5b90f6dcc6dc2844157d8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
344f4f3441763860dd065a49e1ed96e3

SHA1
1b79f13b93011183129c4179d57c0d9f6284933c

SHA256
71987a64026621ba03cc33678db6e0479d4b352273bd68b3fed5d1cd7f71dd84

SHA512
1b286d879185610f644fab020984b11bdff7401423894a00b278c57b4250b7018ec7282989a4142dc8671d0746f1ffcc2b25a25bfa3729d4a952fc6054e95093

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
7KB

MD5
8914ed85068a0f61e3ea00a8b89def17

SHA1
62318e03a0811b23a62112ecb786367645472380

SHA256
142a21e5f573ba7862463d06edac2d1fcad5733304a9cbcbd7cf736a0d5ca370

SHA512
eace8adb3321f84c0d3dd7a9716494580991bfc8536c62b45bed9487e52150863e11522e88b31cc9662e081880121e996e0d654db8a7d73236e6ae8da02033b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
eb6aa64b3a14dea3bcfe5f79f8abe6af

SHA1
55f922f424d196db6098a8d46d35deff76677d25

SHA256
a8c5a03fe51bfd3e906932e185f3b7ea516fa9b08b7b23857855eb3fe4db9579

SHA512
86cb07a448e96b8bab55226f44a45a46cb48f57674141e0120028b9272952d78ad601d48e0a7e0b730c531bb243c145cd92ea28c563a3aefe1f860682aab46ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
706f453927e463299fd1a6656a9e7783

SHA1
836bd882dbf73d2ccb552252a1dca99f7ba1f09a

SHA256
0b02159d2faaee5953ee28322b847ea9aa6aa8e64a0583e5de839444e89074db

SHA512
c4ce1a82ba09b3200221c0027c3e430ab370130e97066c026db6f2f42f158a6fdbaeb4167795b05e596ec92931ac2cb07ac06b1cd3f7311e29691614b8791ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
188ff9d7bb9611fdead116e8e96ac753

SHA1
9e65668700d020b993ecb8d0a123ef2169a992b2

SHA256
b45834ba744030d70363f78115984400703699974f1d4f778856b3ea659e77eb

SHA512
30790595f8f972de1d9681aae2f39bb2761c0330aa951244f22d3014fe9ba1cceda0f0201ed24e12eed0bb6b97c2614ef2835cb568124d5f2a631f0672971ff8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\default\https+++oxy.st\idb\556220133rrae_su.sqlite

Filesize
48KB

MD5
579c88829cf233f92e863b5bb9892eb1

SHA1
927cb5bb50fc82e609e2b190d9fd0902a8afd641

SHA256
bf260e2eb3202e0f36537e6b7fb0df58eb668bcbdf00a3f847076ae2aaeb577a

SHA512
9e7c55d2e9e8dd02b0364733011e7b4f361e41db6ca99fee186f781b37cf1e899b5e1feeb88092cf1fa6f422f2b046cfa033b2adf3dfd1898af978dd5075bf56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
fbcd1e99ede9bcd8a8df20f6178f28c7

SHA1
88696c45a0ca5748b067345ac76c50980d94711a

SHA256
abb284db02685627a20fccdc3d23a04d923938ea17716cb8a3dd66ac4a3fd95d

SHA512
43cad6a92c740a1f5563b712ff8d5ac0ee24feedc8358a25030175053c31f19a40ce933733827520fa19bac2dfbcfa98d7336aaeaffc6f31724c22df483d0ba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\targeting.snapshot.json

Filesize
4KB

MD5
7941c352419b325be4a4794520912a29

SHA1
f73a46f5c5c9a638de488528d9c0d5f643c8d2d2

SHA256
778c4b19f201b40364dcc045bb7e264f3d642dbc1b8784d0539d2a0f73b1bd88

SHA512
fd251a8d65244b6a4b6b19820738c234928fe29b69eb66c123f545fa6e0dcf18477a0db3c01e27c7de8e10982737393ad9049f9098c363ba89f5b3a335821bf0

Download Submit